init/upstart/test-init/test_utils.sh - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2017 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Utility functions for chromeos_startup to run for test images (loaded by
 # dev_utils.sh).

 # Flag file indicating that mount encrypted stateful failed last time.
 # If the file is present and mount_encrypted failed again, machine would enter
 # self-repair mode.
 # It should be the same as MOUNT_ENCRYPTED_FAILED_FILE in chromeos_startup.
 MOUNT_ENCRYPTED_FAILED_FILE="/mnt/stateful_partition/mount_encrypted_failed"

 # Load factory utilities.
 . /usr/share/cros/factory_utils.sh

 # Intended to be empty and may be overridden in system_key_utils.sh.
 #
 # This is to prevent do_mount_var_and_home_chronos() below from failing due to
 # undefined create_system_key.
 create_system_key() {
   :
 }

 # Loads encstateful system key utilities if the script exists. The script only
 # exists on TPM 2.0 devices that encrypt stateful.
 if [ -f /usr/share/cros/system_key_utils.sh ]; then
   . /usr/share/cros/system_key_utils.sh
 fi

 # Overrides do_mount_var_and_home_chronos in chromeos_startup.
 do_mount_var_and_home_chronos() {
   if is_factory_mode; then
     factory_mount_var_and_home_chronos
   else
     # If this is a TPM 2.0 device that supports encrypted stateful, creates and
     # persists a system key into NVRAM and backs the key up if it doesn't exist.
     # If the call create_system_key is successful, mount_var_and_home_chronos
     # will skip the normal system key generation procedure; otherwise, it will
     # generate and persist a key via its normal workflow.
     #
     # Check system_key_utils.sh for details.
     #
     # For devices that have no TPM 2.0 chip or don't encrypted stateful, this
     # call is no-op.
     create_system_key

     if [ ! -O "${MOUNT_ENCRYPTED_FAILED_FILE}" ]; then
       # Try to use the original handler in chromeos_startup.
       # It should not wipe whole stateful partition in this case.
       mount_var_and_home_chronos
       return $?
     fi

     if ! mount_var_and_home_chronos; then
       # Try to re-construct encrypted folders, otherwise such failure will lead
       # to wiping whole stateful partition (including all helpful programs in
       # /usr/local/bin and sshd).
       clobber-log -- "Failed mounting var and home/chronos; re-created."
       crash_reporter --early --log_to_stderr --mount_failure \
         --mount_device="encstateful"
       local backup_dir="/mnt/stateful_partition/corrupted_encryption"
       rm -rf "${backup_dir}"
       mkdir -p "${backup_dir}"
       mv /mnt/stateful_partition/encrypted.* "${backup_dir}"
       mount_var_and_home_chronos
     fi
   fi
 }
	# Copyright 2017 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Utility functions for chromeos_startup to run for test images (loaded by
	# dev_utils.sh).

	# Flag file indicating that mount encrypted stateful failed last time.
	# If the file is present and mount_encrypted failed again, machine would enter
	# self-repair mode.
	# It should be the same as MOUNT_ENCRYPTED_FAILED_FILE in chromeos_startup.
	MOUNT_ENCRYPTED_FAILED_FILE="/mnt/stateful_partition/mount_encrypted_failed"

	# Load factory utilities.
	. /usr/share/cros/factory_utils.sh

	# Intended to be empty and may be overridden in system_key_utils.sh.
	#
	# This is to prevent do_mount_var_and_home_chronos() below from failing due to
	# undefined create_system_key.
	create_system_key() {
	:
	}

	# Loads encstateful system key utilities if the script exists. The script only
	# exists on TPM 2.0 devices that encrypt stateful.
	if [ -f /usr/share/cros/system_key_utils.sh ]; then
	. /usr/share/cros/system_key_utils.sh
	fi

	# Overrides do_mount_var_and_home_chronos in chromeos_startup.
	do_mount_var_and_home_chronos() {
	if is_factory_mode; then
	factory_mount_var_and_home_chronos
	else
	# If this is a TPM 2.0 device that supports encrypted stateful, creates and
	# persists a system key into NVRAM and backs the key up if it doesn't exist.
	# If the call create_system_key is successful, mount_var_and_home_chronos
	# will skip the normal system key generation procedure; otherwise, it will
	# generate and persist a key via its normal workflow.
	#
	# Check system_key_utils.sh for details.
	#
	# For devices that have no TPM 2.0 chip or don't encrypted stateful, this
	# call is no-op.
	create_system_key

	if [ ! -O "${MOUNT_ENCRYPTED_FAILED_FILE}" ]; then
	# Try to use the original handler in chromeos_startup.
	# It should not wipe whole stateful partition in this case.
	mount_var_and_home_chronos
	return $?
	fi

	if ! mount_var_and_home_chronos; then
	# Try to re-construct encrypted folders, otherwise such failure will lead
	# to wiping whole stateful partition (including all helpful programs in
	# /usr/local/bin and sshd).
	clobber-log -- "Failed mounting var and home/chronos; re-created."
	crash_reporter --early --log_to_stderr --mount_failure \
	--mount_device="encstateful"
	local backup_dir="/mnt/stateful_partition/corrupted_encryption"
	rm -rf "${backup_dir}"
	mkdir -p "${backup_dir}"
	mv /mnt/stateful_partition/encrypted.* "${backup_dir}"
	mount_var_and_home_chronos
	fi
	fi
	}